Thursday, June 14, 2012

About state-sponsored attackers

I must say that it is quite unpleasant when you open your GMail box in the morning (or in the evening) to get this banner: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer".Once you have found what it is about, you are even more frustrated because you can't do anything about it, except 'strengthen' the security of your account.But even then, the banner continues to appear. Does the 'state-sponsored' agency continues to pip into your emails (and computer)? Google won't tell you.And why in India? On the subject of 'state-sponsored' actors on June 4, 2012, Republican Senator John McCain testified in front of the Committee on Armed Services of the United State Senate. He said:

I believe that cyber warfare will be the key battlefield of the 21st century, and I am concerned about our ability to fight and win in this new domain. I authored a provision in the bill that requires the commander of U.S. Cyber Command to provide a strategy for the development and deployment of offensive cyber capabilities. I am very concerned that our strategy is too reliant on defensive measures in cyber space, and believe we need to develop the capability to go on the offense as well.This provision to craft a comprehensive strategy should spur U.S. Cyber Command to develop this offensive capability effectively and at a reasonable cost to the taxpayer.

The question remains why should individual being 'warned' if they don't have the possibility to do anything about it. It is just bad publicity for Google.

Google to Warn Users About Possible 'State-Sponsored' Attacks
Chloe AlbanesiusPCMag.com
June 5, 2012
Google has been rather warning-happy lately; from alerts about malware to blocked websites in China. Today, however, the search giant expanded those efforts with security warnings about state-sponsored attacks.
Google said the warnings will appear for a "subset" of users who Google believes "may be the target of state-sponsored attacks." When activated, a pink bar will appear atop various Google services (see below) with a warning that reads: "We believe state-sponsored attackers may be attempting to compromise your account of computer. Protect yourself now." The "protect yourself" text will link to a page with steps you can take to guard against unwanted intrusions.
That includes creating strong passwords, enabling Google's two-step verification, and updating your browser, OS, plugins, and document editors, Eric Grosse, vice president of security engineering at Google, wrote in a blog post.
Grosse warned users about phishing attacks that spoof Google services; be sure that the URL reads "https://accounts.google.com/" before entering your Google password.
"If you see this warning it does not necessarily mean that your account has been hijacked," Grosse said. Nor does it mean that Google's own system has been compromised.
"It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account," he said.
How does Google detect these possible attacks? "We can't go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored," Grosse wrote.
The news comes several days after Google announced plans to display warnings to Search users in mainland China when their query was likely to result in an error beyond the search giant's control.
Google has had a rather tumultuous relationship with Chinese officials in recent years. In January 2010, Google said there were attempts to hack into the Gmail accounts of Chinese human rights activists. At the time, Google pledged to no longer censor search results in China, even if that meant pulling out of the country entirely, and re-routed all Google.cn traffic to the uncensored Google.com.hk. Unsurprisingly, a Chinese minister warned of "consequences" if Google continued redirecting its results. Finally, the two parties settled on a hybrid solution.
Last month, Google also pledged to warn users whose computers or home routers appear to be infected with the DNSChanger malware. Google first started adding malware warnings to search results last summer after it noticed some unusual activity on its network while conducting routine data center maintenance. Google said last month that that effort resulted in warnings for 1 million of its users.